US broker-dealers and registered investment advisers believe the threat of an online intrusion by a nation or a terrorist group ranks near the bottom of the industry’s concerns according to a report issued by the Office of Compliance Inspections and Examinations.
The report (pdf) found that nearly 90 percent of broker-dealers and 74 percent of registered investment advisers have experienced cyber attacks either directly or via one or more of their vendors.
The Office of Compliance Inspections and Examinations ("OCIE") protects investors through administering the SEC's nationwide examination and inspection program.
In its cybersecurity study of more 57 broker-dealers and 49 registered investment advisers, the OCIE found that the majority of broker-dealers reported having received fraudulent emails seeking to transfer client funds, and more than a quarter of those firms said the losses pertaining to those emails totaled more than $5,000.
The report also noted, however, that no single loss exceeded $75,000. Additionally, only seven percent of firms who had received a phony email reported it to law enforcement or other regulatory agencies.
To enforce security practices, 93 percent of brokers and 83 percent of advisers reported to have adopted written policies.
